CVE-2019-12510
- EPSS 0.07%
- Published 24.02.2020 19:15:13
- Last modified 21.11.2024 04:23:00
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1...
CVE-2019-12511
- EPSS 0.43%
- Published 24.02.2020 19:15:13
- Last modified 21.11.2024 04:23:00
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this require...
CVE-2019-12512
- EPSS 0.33%
- Published 24.02.2020 19:15:13
- Last modified 21.11.2024 04:23:00
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be ins...
CVE-2019-12513
- EPSS 0.33%
- Published 24.02.2020 19:15:13
- Last modified 21.11.2024 04:23:00
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will ge...